CVE-2024-1078
MEDIUM
Published 2024-02-07T07:32:19.550Z
Actions:
CVSS Score
V3.1
4.3
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.000
probability
of exploitation in the wild
There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.203
Higher than 20.3% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
WordPress Vulnerability
Identified and analyzed by Wordfence
Software Type
Plugin
Patch Status
Patched
Published
February 6, 2024
Software Details
Software Name
Quiz Maker
Software Slug
quiz-maker
Affected Versions
* - 6.5.2.4
Patched Versions
6.5.2.5
Remediation
Update to version 6.5.2.5, or a newer patched version
© Defiant Inc. Data provided by Wordfence.
References
Published: 2024-02-07T07:32:19.550Z
Last Modified: 2024-08-01T18:26:30.518Z
Copied to clipboard!